assurance - Re: [Assurance] attacks on SMS-based 2FA
Subject: Assurance
List archive
- From: Tom Scavo <>
- To:
- Subject: Re: [Assurance] attacks on SMS-based 2FA
- Date: Thu, 24 Jul 2014 08:47:06 -0400
On Thu, Jul 24, 2014 at 8:32 AM, Caskey, Paul
<>
wrote:
> I would not throw all telephony-based MFA under the bus along with SMS...
>
> A crypto-based solution would not suffer from these problems.
Let me try to clarify. By "telephony-based" I mean SMS or voice. I
don't mean mobile apps (which I think of as a "soft token"). Comparing
SMS and voice, I think SMS is the stickler but in any case, a method
that depends on telco infrastructure is suspect. A mobile app doesn't
have that problem. Indeed, mobile apps run on devices that have no
cell service. It's the cell service I'm singling out as suspect, for
technical reasons (discussed in the blog article referenced earlier)
and for trust reasons.
Tom
- [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Von Welch, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Tom Scavo, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Farmer, Jacob, 07/24/2014
- Re: [Assurance] attacks on SMS-based 2FA, Cantor, Scott, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Mark Beadles, 07/24/2014
- RE: [Assurance] attacks on SMS-based 2FA, Caskey, Paul, 07/24/2014
Archive powered by MHonArc 2.6.16.